From: Roger Leigh
To: freebsd-jail@freebsd.org
Subject: Re: Jails and IPv6 local loopback
Date: Sun, 28 Aug 2016 01:07:35 +0100
List-Id: "Discussion about FreeBSD jail\(8\)"

On 28/08/16 00:26, Ernie Luzar wrote:
> Roger Leigh wrote:
>> In my case, I haven't set anything related to the loopback interface
>> lo0 for the jail. The host has working v4 and v6 loopback addresses.
>> The guest has only working v4. Why not for v6?
>>
>> interface = "bge0";
>> ip4.addr = "192.168.1.12";
>> ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
>> allow.raw_sockets = "1";
>>
>> is the extent of the configuration. I specify both v4 and v6
>> addresses on bge0. I don't specify anything loopback-related, so why
>> is it mapping v4 and not v6? The discrepancy seems a little odd.
>>
>> Is there a solution to the problem at present? What would the
>> recommended configuration in jail.conf be for obtaining working v4 and
>> v6 addresses on the loopback interface inside the jail?
>>
>
> Previously you posted this as your jail.conf
> bfcpp {
> host.hostname = "bfcpp.codelibre.net";
> interface = "bge0";
> ip4.addr = "192.168.1.12";
> ip6.addr = "2001:8b0:860:ddbd:3aea:a7ff:feab:7002";
> allow.raw_sockets = "1";
> path = "/jail/bfcpp";
> mount.devfs;
> mount.fdescfs;
> mount.procfs;
> mount.fstab="/etc/fstab.bfcpp";
> exec.start = "/bin/sh /etc/rc";
> exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
> exec.jail_user = "root";
> exec.system_jail_user;
> }
>
> I see no reason for these
> mount.fdescfs;
> mount.procfs;
> exec.clean;
> exec.jail_user = "root";
> exec.system_jail_user;
> not the cause of your problem, just not needed.
>
> You're assuming that ping6 is broken just because it's having a problem
> with localhost. Try ping6 against some other box on the lan using its
> ipv6 ip address.

I'm not assuming that ping6 is broken. The jail has a working v6 global
address. ping6 works fine to other hosts using global addresses, and I
can SSH into the jail from any v6 system using its AAAA record.

% host bfcpp.codelibre.net
bfcpp.codelibre.net has IPv6 address 2001:8b0:860:ddbd:3aea:a7ff:feab:7002
% ssh bfcpp.codelibre.net
Last login: Sat Aug 27 20:23:24 2016 from 7.5.2.1.f.5.e.f.f.f.c.4.4.a.2.6.d.b.d.d.0.6.8.0.0.b.8.0.1.0.0.2.ip6.arpa
FreeBSD 11.0-RC2 (GENERIC) #0 r304729: Wed Aug 24 06:59:03 UTC 2016

The fact that global IPv6 networking is functional is not really
relevant to the question I asked though. What I can't do is ping6 the
*localhost*, which I mentioned purely to demonstrate the lack of a
working v6 loopback, and hence I can't run v6 services on the localhost
due to missing the v6 loopback. This is the missing functionality I
need, and the question I'm asking here which has been unanswered is how
to enable that.

> You need to define the host's ipv6 ip address to localhost in the host's
> /etc/hosts file.
>
> You may also have to define the jail's ipv6 ip address to localhost in
> the jail's /etc/hosts file.

This isn't what I want or need I'm afraid. I do require the loopback
working on v6 specifically, and not just a tweak to the localhost
hostname. Some of the services to be deployed in the jails run on the
public interfaces, some on the local loopback, and that type of hack
wouldn't be acceptable for deployment.

Is it possible to enable v6 loopback on lo0 in the jail using jail.conf?

Regards,
Roger


From: Grzegorz Junka
To: freebsd-jail@freebsd.org
Subject: jail not found error?
Date: Sun, 28 Aug 2016 21:42:19 +0000

I am trying to set up a Centos 6 jail. It fails with the following error:

root@ultrabook:~ # service jail start centos6
Starting jails: centos6jls: jail "centos6" not found
.

I somehow managed to run it once by changing the start script from:

exec.start = "/bin/sh /etc/rc";

to

exec.start = "/etc/rc 3";

It started once but after I shut it down it shows the same error again
wherever I am trying to start it. This is what I have configured so far:

root@ultrabook:~ # cat /etc/jail.conf
# Use the rc scripts to start and stop jails. Mount jail's /dev.

#exec.start = "/bin/sh /etc/rc";
#exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;

allow.mount;
mount.devfs;
mount.fstab = "/usr/local/etc/fstab/$name";
devfs_ruleset = 4;

path = "/j/$name";
host.hostname = "$name.ultrabook.yoonka.com";
exec.consolelog = "/var/log/jail/$name";

centos6 {
exec.start = "/etc/rc 3";
ip4.addr = 127.0.2.1;
interface = lo0;
}

root@ultrabook:~ # cat /usr/local/etc/fstab/centos6
linsys /j/centos6/sys linsysfs rw 0 0
linproc /j/centos6/proc linprocfs rw 0 0
#tmpfs /j/centos6/lib/init/rw tmpfs rw,mode=777 0 0
/devfs /j/centos6/dev devfs rw,ruleset=4 0 0

I was following this example:

https://bluehatrecord.wordpress.com/2015/09/19/the-midnight-oil-jailing-centos6-in-freebsd-10-2/

but wanted to use the new configuration files. My system:

root@ultrabook:~ # uname -a
FreeBSD ultrabook.yoonka.com 10.3-RELEASE FreeBSD 10.3-RELEASE #0 r297264: Fri Mar 25 02:10:02 UTC 2016 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64

How to fix or debug this 'jail "centos6" not found' error and start the jail?

Grzegorz


From: James Gritton
To: freebsd-jail@freebsd.org
Subject: Re: jail not found error?
Date: Sun, 28 Aug 2016 17:22:01 -0600

On 2016-08-28 15:42, Grzegorz Junka wrote:
> I am trying to set up a Centos 6 jail. It fails with the following
> error:
>
> root@ultrabook:~ # service jail start centos6
> Starting jails: centos6jls: jail "centos6" not found
> .
>
> I somehow managed to run it once by changing the start script from:
>
> exec.start = "/bin/sh /etc/rc";
>
> to
>
> exec.start = "/etc/rc 3";
>
> It started once but after I shut it down it shows the same error again
> wherever I am trying to start it. This is what I have configured so
> far:
>
> root@ultrabook:~ # cat /etc/jail.conf
> # Use the rc scripts to start and stop jails. Mount jail's /dev.
>
> #exec.start = "/bin/sh /etc/rc";
> #exec.stop = "/bin/sh /etc/rc.shutdown";
> exec.clean;
>
> allow.mount;
> mount.devfs;
> mount.fstab = "/usr/local/etc/fstab/$name";
> devfs_ruleset = 4;
>
> path = "/j/$name";
> host.hostname = "$name.ultrabook.yoonka.com";
> exec.consolelog = "/var/log/jail/$name";
>
> centos6 {
> exec.start = "/etc/rc 3";
> ip4.addr = 127.0.2.1;
> interface = lo0;
> }
>
>
> root@ultrabook:~ # cat /usr/local/etc/fstab/centos6
> linsys /j/centos6/sys linsysfs rw 0 0
> linproc /j/centos6/proc linprocfs rw 0 0
> #tmpfs /j/centos6/lib/init/rw tmpfs rw,mode=777 0 0
> /devfs /j/centos6/dev devfs rw,ruleset=4 0 0
>
> I was following this example:
>
> https://bluehatrecord.wordpress.com/2015/09/19/the-midnight-oil-jailing-centos6-in-freebsd-10-2/
>
> but wanted to use the new configuration files. My system:
>
> root@ultrabook:~ # uname -a
> FreeBSD ultrabook.yoonka.com 10.3-RELEASE FreeBSD 10.3-RELEASE #0
> r297264: Fri Mar 25 02:10:02 UTC 2016
> root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>
> How to fix or debug this 'jail "centos6" not found' error and start the
> jail?
>
> Grzegorz

I wonder if the jail exists as dying - does it show up in "jls -d"?

Also, for a verbose start, try "jail -v -c centos6". That shows
commands that are run when creating the jail, and may pinpoint where
the trouble is.

- Jamie


From: Grzegorz Junka
To: James Gritton, freebsd-jail@freebsd.org
Subject: Re: jail not found error?
Date: Mon, 29 Aug 2016 08:52:07 +0000

On 28/08/2016 23:22, James Gritton wrote:
> On 2016-08-28 15:42, Grzegorz Junka wrote:
>> I am trying to set up a Centos 6 jail. It fails with the following
>> error:
>>
>> root@ultrabook:~ # service jail start centos6
>> Starting jails: centos6jls: jail "centos6" not found
>> .
>>
>> I somehow managed to run it once by changing the start script from:
>>
>> exec.start = "/bin/sh /etc/rc";
>>
>> to
>>
>> exec.start = "/etc/rc 3";
>>
>> It started once but after I shut it down it shows the same error again
>> wherever I am trying to start it. This is what I have configured so
>> far:
>>
>> root@ultrabook:~ # cat /etc/jail.conf
>> # Use the rc scripts to start and stop jails. Mount jail's /dev.
>>
>> #exec.start = "/bin/sh /etc/rc";
>> #exec.stop = "/bin/sh /etc/rc.shutdown";
>> exec.clean;
>>
>> allow.mount;
>> mount.devfs;
>> mount.fstab = "/usr/local/etc/fstab/$name";
>> devfs_ruleset = 4;
>>
>> path = "/j/$name";
>> host.hostname = "$name.ultrabook.yoonka.com";
>> exec.consolelog = "/var/log/jail/$name";
>>
>> centos6 {
>> exec.start = "/etc/rc 3";
>> ip4.addr = 127.0.2.1;
>> interface = lo0;
>> }
>>
>>
>> root@ultrabook:~ # cat /usr/local/etc/fstab/centos6
>> linsys /j/centos6/sys linsysfs rw 0 0
>> linproc /j/centos6/proc linprocfs rw 0 0
>> #tmpfs /j/centos6/lib/init/rw tmpfs rw,mode=777 0 0
>> /devfs /j/centos6/dev devfs rw,ruleset=4 0 0
>>
>> I was following this example:
>>
>> https://bluehatrecord.wordpress.com/2015/09/19/the-midnight-oil-jailing-centos6-in-freebsd-10-2/
>>
>>
>> but wanted to use the new configuration files. My system:
>>
>> root@ultrabook:~ # uname -a
>> FreeBSD ultrabook.yoonka.com 10.3-RELEASE FreeBSD 10.3-RELEASE #0
>> r297264: Fri Mar 25 02:10:02 UTC 2016
>> root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>>
>> How to fix or debug this 'jail "centos6" not found' error and start
>> the jail?
>>
>> Grzegorz
>
> I wonder if the jail exists as dying - does it show up in "jls -d"?
>
> Also, for a verbose start, try "jail -v -c centos6". That shows
> commands that are run when creating the jail, and may pinpoint where
> the trouble is.
>
> - Jamie

No, 'jls -d' doesn't show anything but every time I try to start the
jail new mounts from the jail's fstab are made, e.g. just after
starting FreeBSD:

linsysfs on /j/centos6/sys (linsysfs, local)
linprocfs on /j/centos6/proc (linprocfs, local)
devfs on /j/centos6/dev (devfs, local, multilabel)
devfs on /j/centos6/dev (devfs, local, multilabel)

Then after trying to start the jail again:

linsysfs on /j/centos6/sys (linsysfs, local)
linprocfs on /j/centos6/proc (linprocfs, local)
devfs on /j/centos6/dev (devfs, local, multilabel)
devfs on /j/centos6/dev (devfs, local, multilabel)
linsysfs on /j/centos6/sys (linsysfs, local)
linprocfs on /j/centos6/proc (linprocfs, local)
devfs on /j/centos6/dev (devfs, local, multilabel)
devfs on /j/centos6/dev (devfs, local, multilabel)

After unmounting all those and trying again:

root@ultrabook:/home/g # jail -v -c centos6
centos6: run command: /sbin/ifconfig lo0 inet 127.0.2.1 netmask 255.255.255.255 alias
centos6: run command: /sbin/mount -t linsysfs -o rw linsys /j/centos6/sys
centos6: run command: /sbin/mount -t linprocfs -o rw linproc /j/centos6/proc
centos6: run command: /sbin/mount -t devfs -oruleset=4 . /j/centos6/dev
centos6: jail_set(JAIL_CREATE) persist name=centos6 allow.mount devfs_ruleset=4 path=/j/centos6 host.hostname=centos6.ultrabook.yoonka.com ip4.addr=127.0.2.1
centos6: created
centos6: run command in jail: /etc/rc 3
centos6: jail_set(JAIL_UPDATE) jid=3 nopersist
root@ultrabook:/home/g # jls
JID IP Address Hostname Path
root@ultrabook:/home/g # jls -d
JID IP Address Hostname Path

Grzegorz


From: James Gritton
To: Grzegorz Junka
Cc: freebsd-jail@freebsd.org
Subject: Re: jail not found error?
Date: Mon, 29 Aug 2016 08:56:32 -0600

On 2016-08-29 02:52, Grzegorz Junka wrote:
> On 28/08/2016 23:22, James Gritton wrote:
>> On 2016-08-28 15:42, Grzegorz Junka wrote:
>>> I am trying to set up a Centos 6 jail. It fails with the following
>>> error:
>>>
>>> root@ultrabook:~ # service jail start centos6
>>> Starting jails: centos6jls: jail "centos6" not found
>>> .
>>>
>>> I somehow managed to run it once by changing the start script from:
>>>
>>> exec.start = "/bin/sh /etc/rc";
>>>
>>> to
>>>
>>> exec.start = "/etc/rc 3";
>>>
>>> It started once but after I shut it down it shows the same error
>>> again
>>> wherever I am trying to start it. This is what I have configured so
>>> far:
>>>
>>> root@ultrabook:~ # cat /etc/jail.conf
>>> # Use the rc scripts to start and stop jails. Mount jail's /dev.
>>>
>>> #exec.start = "/bin/sh /etc/rc";
>>> #exec.stop = "/bin/sh /etc/rc.shutdown";
>>> exec.clean;
>>>
>>> allow.mount;
>>> mount.devfs;
>>> mount.fstab = "/usr/local/etc/fstab/$name";
>>> devfs_ruleset = 4;
>>>
>>> path = "/j/$name";
>>> host.hostname = "$name.ultrabook.yoonka.com";
>>> exec.consolelog = "/var/log/jail/$name";
>>>
>>> centos6 {
>>> exec.start = "/etc/rc 3";
>>> ip4.addr = 127.0.2.1;
>>> interface = lo0;
>>> }
>>>
>>>
>>> root@ultrabook:~ # cat /usr/local/etc/fstab/centos6
>>> linsys /j/centos6/sys linsysfs rw 0 0
>>> linproc /j/centos6/proc linprocfs rw 0 0
>>> #tmpfs /j/centos6/lib/init/rw tmpfs rw,mode=777 0 0
>>> /devfs /j/centos6/dev devfs rw,ruleset=4 0 0
>>>
>>> I was following this example:
>>>
>>> https://bluehatrecord.wordpress.com/2015/09/19/the-midnight-oil-jailing-centos6-in-freebsd-10-2/
>>> but wanted to use the new configuration files. My system:
>>>
>>> root@ultrabook:~ # uname -a
>>> FreeBSD ultrabook.yoonka.com 10.3-RELEASE FreeBSD 10.3-RELEASE #0
>>> r297264: Fri Mar 25 02:10:02 UTC 2016
>>> root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>>>
>>> How to fix or debug this 'jail "centos6" not found' error and start
>>> the jail?
>>>
>>> Grzegorz
>>
>> I wonder if the jail exists as dying - does it show up in "jls -d"?
>>
>> Also, for a verbose start, try "jail -v -c centos6". That shows
>> commands that are run when creating the jail, and may pinpoint where
>> the trouble is.
>>
>> - Jamie
>
> No, 'jls -d' doesn't show anything but every time I try to start the
> jail new mounts from the jail's fstab are made, e.g. just after
> starting FreeBSD:
>
> linsysfs on /j/centos6/sys (linsysfs, local)
> linprocfs on /j/centos6/proc (linprocfs, local)
> devfs on /j/centos6/dev (devfs, local, multilabel)
> devfs on /j/centos6/dev (devfs, local, multilabel)
>
> Then after trying to start the jail again:
>
> linsysfs on /j/centos6/sys (linsysfs, local)
> linprocfs on /j/centos6/proc (linprocfs, local)
> devfs on /j/centos6/dev (devfs, local, multilabel)
> devfs on /j/centos6/dev (devfs, local, multilabel)
> linsysfs on /j/centos6/sys (linsysfs, local)
> linprocfs on /j/centos6/proc (linprocfs, local)
> devfs on /j/centos6/dev (devfs, local, multilabel)
> devfs on /j/centos6/dev (devfs, local, multilabel)
>
> After unmounting all those and trying again:
>
> root@ultrabook:/home/g # jail -v -c centos6
> centos6: run command: /sbin/ifconfig lo0 inet 127.0.2.1 netmask
> 255.255.255.255 alias
> centos6: run command: /sbin/mount -t linsysfs -o rw linsys
> /j/centos6/sys
> centos6: run command: /sbin/mount -t linprocfs -o rw linproc
> /j/centos6/proc
> centos6: run command: /sbin/mount -t devfs -oruleset=4 . /j/centos6/dev
> centos6: jail_set(JAIL_CREATE) persist name=centos6 allow.mount
> devfs_ruleset=4 path=/j/centos6
> host.hostname=centos6.ultrabook.yoonka.com ip4.addr=127.0.2.1
> centos6: created
> centos6: run command in jail: /etc/rc 3
> centos6: jail_set(JAIL_UPDATE) jid=3 nopersist
> root@ultrabook:/home/g # jls
> JID IP Address Hostname Path
> root@ultrabook:/home/g # jls -d
> JID IP Address Hostname Path
>
> Grzegorz

That all looks good from the jail(8) side of things. By "good" I mean
it's doing what it's expected to do. The jail is created as it should
be, the start command ("/etc/rc 3") is run with no errors, and the
jail is still there when the temporary persist flag is removed.

It's probably that last step that makes the jail go away. jail(8)
initially creates jails with the persist flag set, so it can be sure
the jail is still there for later operations.
Unless the flag is mentioned in the config though, it clears it after
everything else is done. The idea is that once the start commands have
been run, there will be some process still running in the jail to keep
it around. I'm guessing that in your case there isn't one. That may be
by design (you don't have any daemons you want to run, not generally
the case) or by error. The next place to look is in the jail's console
log, which will have the output from that /etc/rc run.

You can make the jail stick around by adding "persist" to the
jail.conf entry. But chances are, you still need to find why the
startup commands aren't doing what you want.

- Jamie


From: Grzegorz Junka
To: James Gritton
Cc: freebsd-jail@freebsd.org
Subject: Re: jail not found error?
Date: Tue, 30 Aug 2016 00:04:38 +0000

On 29/08/2016 14:56, James Gritton wrote:
> On 2016-08-29 02:52, Grzegorz Junka wrote:
>> On 28/08/2016 23:22, James Gritton wrote:
>>> On 2016-08-28 15:42, Grzegorz Junka wrote:
>>>> I am trying to set up a Centos 6 jail. It fails with the following
>>>> error:
>>>>
>>>> root@ultrabook:~ # service jail start centos6
>>>> Starting jails: centos6jls: jail "centos6" not found
>>>> .
>>>>
>>>> I somehow managed to run it once by changing the start script from:
>>>>
>>>> exec.start = "/bin/sh /etc/rc";
>>>>
>>>> to
>>>>
>>>> exec.start = "/etc/rc 3";
>>>>
>>>> It started once but after I shut it down it shows the same error again
>>>> wherever I am trying to start it. This is what I have configured so
>>>> far:
>>>>
>>>> root@ultrabook:~ # cat /etc/jail.conf
>>>> # Use the rc scripts to start and stop jails. Mount jail's /dev.
>>>>
>>>> #exec.start = "/bin/sh /etc/rc";
>>>> #exec.stop = "/bin/sh /etc/rc.shutdown";
>>>> exec.clean;
>>>>
>>>> allow.mount;
>>>> mount.devfs;
>>>> mount.fstab = "/usr/local/etc/fstab/$name";
>>>> devfs_ruleset = 4;
>>>>
>>>> path = "/j/$name";
>>>> host.hostname = "$name.ultrabook.yoonka.com";
>>>> exec.consolelog = "/var/log/jail/$name";
>>>>
>>>> centos6 {
>>>> exec.start = "/etc/rc 3";
>>>> ip4.addr = 127.0.2.1;
>>>> interface = lo0;
>>>> }
>>>>
>>>>
>>>> root@ultrabook:~ # cat /usr/local/etc/fstab/centos6
>>>> linsys /j/centos6/sys linsysfs rw 0 0
>>>> linproc /j/centos6/proc linprocfs rw 0 0
>>>> #tmpfs /j/centos6/lib/init/rw tmpfs rw,mode=777 0 0
>>>> /devfs /j/centos6/dev devfs rw,ruleset=4 0 0
>>>>
>>>> I was following this example:
>>>>
>>>> https://bluehatrecord.wordpress.com/2015/09/19/the-midnight-oil-jailing-centos6-in-freebsd-10-2/
>>>> but wanted to use the new configuration files. My system:
>>>>
>>>> root@ultrabook:~ # uname -a
>>>> FreeBSD ultrabook.yoonka.com 10.3-RELEASE FreeBSD 10.3-RELEASE #0
>>>> r297264: Fri Mar 25 02:10:02 UTC 2016
>>>> root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>>>>
>>>> How to fix or debug this 'jail "centos6" not found' error and start
>>>> the jail?
>>>>
>>>> Grzegorz
>>>
>>> I wonder if the jail exists as dying - does it show up in "jls -d"?
>>>
>>> Also, for a verbose start, try "jail -v -c centos6". That shows
>>> commands that are run when creating the jail, and may pinpoint where
>>> the trouble is.
>>>
>>> - Jamie
>>
>> No, 'jls -d' doesn't show anything but every time I try to start the
>> jail new mounts from the jail's fstab are made, e.g. just after
>> starting FreeBSD:
>>
>> linsysfs on /j/centos6/sys (linsysfs, local)
>> linprocfs on /j/centos6/proc (linprocfs, local)
>> devfs on /j/centos6/dev (devfs, local, multilabel)
>> devfs on /j/centos6/dev (devfs, local, multilabel)
>>
>> Then after trying to start the jail again:
>>
>> linsysfs on /j/centos6/sys (linsysfs, local)
>> linprocfs on /j/centos6/proc (linprocfs, local)
>> devfs on /j/centos6/dev (devfs, local, multilabel)
>> devfs on /j/centos6/dev (devfs, local, multilabel)
>> linsysfs on /j/centos6/sys (linsysfs, local)
>> linprocfs on /j/centos6/proc (linprocfs, local)
>> devfs on /j/centos6/dev (devfs, local, multilabel)
>> devfs on /j/centos6/dev (devfs, local, multilabel)
>>
>> After unmounting all those and trying again:
>>
>> root@ultrabook:/home/g # jail -v -c centos6
>> centos6: run command: /sbin/ifconfig lo0 inet 127.0.2.1 netmask
>> 255.255.255.255 alias
>> centos6: run command: /sbin/mount -t linsysfs -o rw linsys
>> /j/centos6/sys
>> centos6: run command: /sbin/mount -t linprocfs -o rw linproc
>> /j/centos6/proc
>> centos6: run command: /sbin/mount -t devfs -oruleset=4 . /j/centos6/dev
>> centos6: jail_set(JAIL_CREATE) persist name=centos6 allow.mount
>> devfs_ruleset=4 path=/j/centos6
>> host.hostname=centos6.ultrabook.yoonka.com ip4.addr=127.0.2.1
>> centos6: created
>> centos6: run command in jail: /etc/rc 3
>> centos6: jail_set(JAIL_UPDATE) jid=3 nopersist
>> root@ultrabook:/home/g # jls
>> JID IP Address Hostname Path
>> root@ultrabook:/home/g # jls -d
>> JID IP Address Hostname Path
>>
>> Grzegorz
>
> That all looks good from the jail(8) side of things. By "good" I mean
> it's doing what it's expected to do. The jail is created as it should
> be, the start command ("/etc/rc 3") is run with no errors, and the
> jail is still there when the temporary persist flag is removed.
>
> It's probably that last step that makes the jail go away. jail(8)
> initially creates jails with the persist flag set, so it can be sure
> the jail is still there for later operations. Unless the flag is
> mentioned in the config though, it clears it after everything else is
> done. The idea is that once the start commands have been run, there
> will be some process still running in the jail to keep it around. I'm
> guessing that in your case there isn't one. That may be by design
> (you don't have any daemons you want to run, not generally the case)
> or by error. The next place to look is in the jail's console log,
> which will have the output from that /etc/rc run.
>
> You can make the jail stick around by adding "persist" to the
> jail.conf entry. But chances are, you still need to find why the
> startup commands aren't doing what you want.
>
> - Jamie

Thank you for the tip. It looks like the image was a simple version
starting only sshd, which actually wasn't starting because of some
error. So there was no daemon to run in the jail. Adding the persist
configuration option to the jail configuration allowed it to stay
running.

Grzegorz


From: Grzegorz Junka
To: freebsd-jail@freebsd.org
Subject: Changing jail's IP automatically
Date: Fri, 2 Sep 2016 21:08:18 +0000

I am using a jail on my laptop and I often connect to different WiFi's,
which of course assign different IPs to my laptop.
I set up the jail by adding an alias to wlan0 and I need to update the IP every time I switch the WiFi network. Is it possible to create a jail with IP assigned dynamically, e.g. from DHCP, or at least switch between predefined IPs more easily than by editing /etc/jail.conf?

Grzegorz

From owner-freebsd-jail@freebsd.org Sat Sep 3 15:33:22 2016
To: Grzegorz Junka
Subject: Re: Changing jail's IP automatically
Date: Sat, 03 Sep 2016 09:33:08 -0600
From: James Gritton
Cc: freebsd-jail@freebsd.org
Message-ID: <4fa37d2e14665ff5a00548626e55142f@gritton.org>

On 2016-09-02 15:08, Grzegorz Junka wrote:
> I am using a jail on my laptop and I often connect to different
> WiFi's, which of course assign different IPs to my laptop. I set up
> the jail by adding an alias to wlan0 and I need to update the IP every
> time I switch the WiFi network. Is it possible to create a jail with
> IP assigned dynamically, e.g. from DHCP, or at least switch between
> predefined IPs more easily than by editing /etc/jail.conf?

You can always add addresses later. I would create the jail without any IP address specified in jail.conf, and then have an exec.poststart script that sets the address using something like "jail -m name=foo ip4.addr=1.2.3.4". And similarly when the network switches, it would need to trigger a similar script that resets the address.

It's a little more complicated than that though: network daemons will be bound to the old address after the switch, so you'll need to run the proper service(8) commands to restart those, in the right order. Or depending on the service, maybe a kick of some sort (like a kill -1) would do the trick.

And at start time, if the jail has no IP address of its own, anything it runs will use the regular system IP addresses. That's definitely not what you want. Unfortunately, jail(8) doesn't have a way to run a script in the system environment after the jail is created but before exec.start is run. That would be the right place to set the initial address. So barring that, you may want to have network services not started up at all, until this poststart script sets the address. So it's still not a simple issue.
- Jamie

From owner-freebsd-jail@freebsd.org Sat Sep 3 15:52:28 2016
Date: Sat, 3 Sep 2016 18:52:22 +0300
From: Konstantin Belousov
To: James Gritton
Cc: Grzegorz Junka, freebsd-jail@freebsd.org
Subject: Re: Changing jail's IP automatically
Message-ID: <20160903155222.GV83214@kib.kiev.ua>

On Sat, Sep 03, 2016 at 09:33:08AM -0600, James Gritton wrote:
> On 2016-09-02 15:08, Grzegorz Junka wrote:
> > I am using a jail on my laptop and I often connect to different
> > WiFi's, which of course assign different IPs to my laptop. I set up
> > the jail by adding an alias to wlan0 and I need to update the IP every
> > time I switch the WiFi network. Is it possible to create a jail with
> > IP assigned dynamically, e.g. from DHCP, or at least switch between
> > predefined IPs more easily than by editing /etc/jail.conf?
>
> You can always add addresses later.

I use a private address in the jail, and NAT it on the outside interface. This worked fine on a roaming laptop with DHCP, several years ago.

From owner-freebsd-jail@freebsd.org Sat Sep 3 17:50:41 2016
From: "Isaac (.ike) Levy"
Subject: Re: Changing jail's IP automatically
Date: Sat, 3 Sep 2016 18:50:29 +0100
Cc: James Gritton, freebsd-jail@freebsd.org
To: Konstantin Belousov

sent from my mobile

> On Sep 3, 2016, at 4:52 PM, Konstantin Belousov wrote:
>
> I use a private address in the jail, and NAT it on the outside interface.
> This worked fine on a roaming laptop with DHCP, several years ago.

Solid advice for this applied use, nat setup either 1:1 mapping or port forwarding is straightforward.
NAT'd IP interfaces also worked great for our jail based ISP, 15 years ago plus :)

Best,
.ike

From owner-freebsd-jail@freebsd.org Sat Sep 3 23:11:51 2016
From: James Lodge
To: James Gritton
CC: Grzegorz Junka, "freebsd-jail@freebsd.org"
Subject: Re: Changing jail's IP automatically
Date: Sat, 3 Sep 2016 15:49:25 +0000

Would PF and NAT not work for you? NAT to the WLAN0 IP (DHCP assigned) using PF macros and have a separate subnet for your jails?
This would be PAT so you might have issues with accessing services inbound if you're using the same port in multiple jails.

Just an idea.....

Sent from my iPad

> On 3 Sep 2016, at 16:33, James Gritton wrote:
>
>> On 2016-09-02 15:08, Grzegorz Junka wrote:
>> I am using a jail on my laptop and I often connect to different
>> WiFi's, which of course assign different IPs to my laptop. I set up
>> the jail by adding an alias to wlan0 and I need to update the IP every
>> time I switch the WiFi network. Is it possible to create a jail with
>> IP assigned dynamically, e.g. from DHCP, or at least switch between
>> predefined IPs more easily than by editing /etc/jail.conf?
>
> You can always add addresses later. I would create the jail without any IP address specified in jail.conf, and then have an exec.poststart script that sets the address using something like "jail -m name=foo ip4.addr=1.2.3.4". And similarly when the network switches, it would need to trigger a similar script that resets the address.
>
> It's a little more complicated than that though: network daemons will be bound to the old address after the switch, so you'll need to run the proper service(8) commands to restart those, in the right order. Or depending on the service, maybe a kick of some sort (like a kill -1) would do the trick.
>
> And at start time, if the jail has no IP address of its own, anything it runs will use the regular system IP addresses. That's definitely not what you want. Unfortunately, jail(8) doesn't have a way to run a script in the system environment after the jail is created but before exec.start is run. That would be the right place to set the initial address. So barring that, you may want to have network services not started up at all, until this poststart script sets the address. So it's still not a simple issue.
>
> - Jamie
> _______________________________________________
> freebsd-jail@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"
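
The NAT approach suggested in the replies above, sketched as a pf.conf. This is an added example, not configuration posted by anyone in the thread; the lo1 interface, the 10.0.0.0/24 subnet, the jail names and addresses, and the port numbers are all assumptions.

```pf
# /etc/pf.conf (added example; names, subnet and ports are assumptions)
#
# Assumed host setup, not taken from the thread:
#   /etc/rc.conf:    cloned_interfaces="lo1"
#                    pf_enable="YES"
#   /etc/jail.conf:  web { ip4.addr = "lo1|10.0.0.2/32"; ... }
#                    db  { ip4.addr = "lo1|10.0.0.3/32"; ... }
# The jails keep fixed private addresses, so jail.conf never has to be
# edited when the laptop moves to another network.

# Macros
ext_if   = "wlan0"          # DHCP-assigned, changes with every WiFi network
jail_net = "10.0.0.0/24"    # private subnet reserved for jails
web_jail = "10.0.0.2"
db_jail  = "10.0.0.3"

set skip on lo0

# Outbound: translate jail traffic to whatever address wlan0 holds now.
# The parentheses make pf follow the interface's current address instead
# of resolving it once when the ruleset is loaded.
nat on $ext_if inet from $jail_net to any -> ($ext_if)

# Inbound: every jail shares the one external address (PAT), so two jails
# that both run sshd on port 22 need distinct external ports.
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2201 -> $web_jail port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 2202 -> $db_jail port 22
rdr on $ext_if inet proto tcp from any to ($ext_if) port 80 -> $web_jail port 80

# Filtering runs after translation, so these rules match the jail
# addresses. Default deny inbound; only the forwarded services are open.
block in on $ext_if all
pass out on $ext_if inet all keep state
pass in on $ext_if inet proto tcp from any to $web_jail port { 22, 80 } keep state
pass in on $ext_if inet proto tcp from any to $db_jail port 22 keep state
```

Check the ruleset with `pfctl -nf /etc/pf.conf` before loading it; `pfctl -sn` shows the active translation rules.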